Steven Jan Springl wrote:
> On Monday 14 May 2007 22:33, Tom Eastep wrote:
>> On Mon, 2007-05-14 at 22:15 +0100, Steven Jan Springl wrote:
>>> Tom
>>>
>>> With zone entry:
>>>
>>> vpn ipsec
>>>
>>> when I issue command:
>>>
>>> shorewall add eth0 vpn
>>>
>>> the following messages are generated:
>>>
>>> iptables v1.3.6: Couldn't load target
>>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
>>> file: No such file or directory
>>>
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
>>> iptables v1.3.6: Couldn't load target
>>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
>>> file: No such file or directory
>>>
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
>>> iptables v1.3.6: Couldn't load target
>>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
>>> file: No such file or directory
>>>
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
>>> iptables v1.3.6: Couldn't load target
>>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
>>> file: No such file or directory
>>>
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
>>> iptables v1.3.6: Couldn't load target
>>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
>>> file: No such file or directory
>>>
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
>> I believe this is fixed in revision 6348.
>>
>> Thanks, Steven
>>
>> -Tom
>
> Tom
>
> Revision 6348 has fixed that problem, however there is another issue.
>
> It now seems that it is only possible to add 1 dynamic entry.
>
> Zones entries:
>
> fw firewall
> lan ipv4
> wan ipv4
> dmz ipv4
> tst ipv4
> vpn ipsec
>
> Interfaces entries:
>
> lan eth0
> wan eth1
> dmz eth2
>
> If I now issue the following commands:
>
> shorewall start
> shorewall add eth0 dmz (this works)
> shorewall add eth0 vpn (this produces the following messages)
>
> iptables: No chain/target/match by that name
> ERROR: Can't add eth0:0.0.0.0/0 to zone vpn
>
> Despite these messages eth0 has been added to both dmz and vpn zones
> in /var/lib/shorewall/zones.
>
> If I now change the order in which eth0 is added to zones dmz and vpn:
>
> shorewall clear
> shorewall start
> shorewall add eth0 vpn (this works)
> shorewall add eth0 dmz (this now fails with the same message as above)
>
> This problem seems to happen no matter which interfaces I try to add to any 2
> or more zones.

Wow -- that uncovered a can of worms. I think it's all sorted out in 6352.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
